f5 BIG-IP working as IPS

Question

Hello all&nbsp;
I would like to know if somebody has ever tried to make a BIG-IP appliance as an IPS solution, in order to replace for example any of the Gartner IPS leaders' quadrant solutions... I would think we are not able to do so, but I think I heard somebody saying that we can... could you please help me with this doubt? Thanks in advance!!&nbsp;

samstep · Answer

ASM can be used as a Layer7-only IPS (HTTP-based intrusions on ports 80/443). It will not cover lower layers, protocols other than HTTP/HTTPS and things like protocol-tunneling etc &nbsp;

james_affeld · Answer

AFM has an IPS now, Protocol Inspection. It provides protocol compliance checks that implement a positive security model (the traffic must match or it is alerted/dropped/rejected), and signatures that implement a negative security model (matching traffic generates alerts/is dropped or rejected). The signatures implement a subset of the Snort rules language syntax, but the matching engine is different. There's a subscription service available for updated signatures, and users can write their own custom signatures. Custom signatures are a pain due to some validation bugs, but they show a lot of promise.

As a drop-in replacement for an industry-leading IPS, it's probably not viable at this point. As an enhancement where there's already a BIG-IP, yeah it could completely avoid the need to add another device.

Forum Discussion

f5 BIG-IP working as IPS

Recent Discussions

AS3 Limitations

Help needed with iRule (connection closed log )

Use of SSL Decryption.

VLAN Failsafe Functionality

FTP PASV mode to Extended Passive mode

Related Content

Help F5 Transform the BIG-IP Administrator Certification

BIG-IP Next: iRules pool routing

BIG-IP Telemetry Streaming to Azure

BIG-IP Next Automation: AS3 Basics

Happy 20th Birthday, BIG-IP TMOS!

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS